Over the past decade, mobile money has emerged as the leading financial service in a growing number of countries, with more than one billion dollars now transacted every day. The business is also changing as it evolves into a payment platform, based, in part, on strong data analytics and partnerships with third-party providers. This shift is one of the most significant developments in emerging market financial services since the arrival of mobile money over a decade ago.

In this context, data protection is critical to ensuring that data is not only fuelling innovation, but also that it is handled in a safe and responsible manner. To that end, mobile operators are building on the technical and compliance capabilities of the core GSM business to advance data protection in mobile money. In emerging market countries where data protection regulations are either outdated or yet to be introduced, there is also an active dialogue about how future rules can both ensure consumer protection and facilitate broad access to the digital economy.

Recognising these efforts, the GSMA has developed a set of Guidelines, based on inputs from a range of privacy experts and mobile money providers, to outline some of the industry’s best practices in approaching the privacy, security, and integrity of consumer data. They reflect initiatives spearheaded by the GSMA and its members since 2009, including the GSMA Mobile Privacy Principles and the GSMA Mobile Money Certification. The Guidelines encompass seven core principles of data protection: data governance; user choice and control; data minimisation; openness, transparency and notice; data and information security; data sharing; and accountability.

Ultimately, the key purpose of these Guidelines is to raise awareness among stakeholders, including governments, on the best data protection practices in the mobile money industry. In the Guidelines, we recognise the dynamic and fast-evolving nature of this topic. As such, we welcome your comments and questions.